ikev2_crypto.c revision de2dd6c3
1/*
2 * Copyright (c) 2015 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include <vlib/vlib.h>
17#include <vnet/vnet.h>
18#include <vnet/pg/pg.h>
19#include <vppinfra/error.h>
20#include <vnet/udp/udp.h>
21#include <plugins/ikev2/ikev2.h>
22#include <plugins/ikev2/ikev2_priv.h>
23#include <openssl/obj_mac.h>
24#include <openssl/ec.h>
25#include <openssl/x509.h>
26#include <openssl/pem.h>
27#include <openssl/bn.h>
28#include <openssl/dh.h>
29
30/* from RFC7296 */
31static const char modp_dh_768_prime[] =
32  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
33  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
34  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
35  "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF";
36static const char modp_dh_768_generator[] = "02";
37
38static const char modp_dh_1024_prime[] =
39  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
40  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
41  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
42  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
43  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" "FFFFFFFFFFFFFFFF";
44static const char modp_dh_1024_generator[] = "02";
45
46/* from RFC3526 */
47static const char modp_dh_1536_prime[] =
48  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
49  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
50  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
51  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
52  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
53  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
54  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
55  "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF";
56static const char modp_dh_1536_generator[] = "02";
57
58static const char modp_dh_2048_prime[] =
59  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
60  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
61  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
62  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
63  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
64  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
65  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
66  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
67  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
68  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
69  "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
70static const char modp_dh_2048_generator[] = "02";
71
72static const char modp_dh_3072_prime[] =
73  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
74  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
75  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
76  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
77  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
78  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
79  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
80  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
81  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
82  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
83  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
84  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
85  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
86  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
87  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
88  "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
89static const char modp_dh_3072_generator[] = "02";
90
91static const char modp_dh_4096_prime[] =
92  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
93  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
94  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
95  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
96  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
97  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
98  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
99  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
100  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
101  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
102  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
103  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
104  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
105  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
106  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
107  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
108  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
109  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
110  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
111  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
112  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" "FFFFFFFFFFFFFFFF";
113static const char modp_dh_4096_generator[] = "02";
114
115static const char modp_dh_6144_prime[] =
116  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08"
117  "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B"
118  "302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9"
119  "A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE6"
120  "49286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8"
121  "FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D"
122  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C"
123  "180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
124  "3995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D"
125  "04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7D"
126  "B3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D226"
127  "1AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
128  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFC"
129  "E0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B26"
130  "99C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB"
131  "04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2"
132  "233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127"
133  "D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
134  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406"
135  "AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918"
136  "DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B33205151"
137  "2BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03"
138  "F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97F"
139  "BEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
140  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58B"
141  "B7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632"
142  "387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E"
143  "6DCC4024FFFFFFFFFFFFFFFF";
144static const char modp_dh_6144_generator[] = "02";
145
146static const char modp_dh_8192_prime[] =
147  "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
148  "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
149  "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
150  "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
151  "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
152  "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
153  "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
154  "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
155  "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
156  "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
157  "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64"
158  "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7"
159  "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B"
160  "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C"
161  "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31"
162  "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7"
163  "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA"
164  "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6"
165  "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED"
166  "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9"
167  "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492"
168  "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD"
169  "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831"
170  "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
171  "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF"
172  "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6"
173  "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3"
174  "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA"
175  "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328"
176  "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C"
177  "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE"
178  "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4"
179  "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300"
180  "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568"
181  "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9"
182  "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B"
183  "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A"
184  "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36"
185  "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1"
186  "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92"
187  "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47"
188  "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71"
189  "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
190static const char modp_dh_8192_generator[] = "02";
191
192/* from RFC5114 */
193static const char modp_dh_1024_160_prime[] =
194  "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6"
195  "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0"
196  "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70"
197  "98488E9C219A73724EFFD6FAE5644738FAA31A4FF55BCCC0"
198  "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" "DF1FB2BC2E4A4371";
199static const char modp_dh_1024_160_generator[] =
200  "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F"
201  "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213"
202  "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1"
203  "909D0D2263F80A76A6A24C087A091F531DBF0A0169B6A28A"
204  "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" "855E6EEB22B3B2E5";
205
206static const char modp_dh_2048_224_prime[] =
207  "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1"
208  "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15"
209  "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212"
210  "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207"
211  "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708"
212  "B3BF8A317091883681286130BC8985DB1602E714415D9330"
213  "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D"
214  "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8"
215  "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763"
216  "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71"
217  "CF9DE5384E71B81C0AC4DFFE0C10E64F";
218static const char modp_dh_2048_224_generator[] =
219  "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"
220  "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"
221  "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"
222  "C17669101999024AF4D027275AC1348BB8A762D0521BC98A"
223  "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE"
224  "F180EB34118E98D119529A45D6F834566E3025E316A330EF"
225  "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB"
226  "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381"
227  "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269"
228  "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179"
229  "81BC087F2A7065B384B890D3191F2BFA";
230
231static const char modp_dh_2048_256_prime[] =
232  "87A8E61DB4B6663CFFBBD19C651959998CEEF608660DD0F2"
233  "5D2CEED4435E3B00E00DF8F1D61957D4FAF7DF4561B2AA30"
234  "16C3D91134096FAA3BF4296D830E9A7C209E0C6497517ABD"
235  "5A8A9D306BCF67ED91F9E6725B4758C022E0B1EF4275BF7B"
236  "6C5BFC11D45F9088B941F54EB1E59BB8BC39A0BF12307F5C"
237  "4FDB70C581B23F76B63ACAE1CAA6B7902D52526735488A0E"
238  "F13C6D9A51BFA4AB3AD8347796524D8EF6A167B5A41825D9"
239  "67E144E5140564251CCACB83E6B486F6B3CA3F7971506026"
240  "C0B857F689962856DED4010ABD0BE621C3A3960A54E710C3"
241  "75F26375D7014103A4B54330C198AF126116D2276E11715F"
242  "693877FAD7EF09CADB094AE91E1A1597";
243static const char modp_dh_2048_256_generator[] =
244  "3FB32C9B73134D0B2E77506660EDBD484CA7B18F21EF2054"
245  "07F4793A1A0BA12510DBC15077BE463FFF4FED4AAC0BB555"
246  "BE3A6C1B0C6B47B1BC3773BF7E8C6F62901228F8C28CBB18"
247  "A55AE31341000A650196F931C77A57F2DDF463E5E9EC144B"
248  "777DE62AAAB8A8628AC376D282D6ED3864E67982428EBC83"
249  "1D14348F6F2F9193B5045AF2767164E1DFC967C1FB3F2E55"
250  "A4BD1BFFE83B9C80D052B985D182EA0ADB2A3B7313D3FE14"
251  "C8484B1E052588B9B7D2BBD2DF016199ECD06E1557CD0915"
252  "B3353BBB64E0EC377FD028370DF92B52C7891428CDC67EB6"
253  "184B523D1DB246C32F63078490F00EF8D647D148D4795451"
254  "5E2327CFEF98C582664B4C0F6CC41659";
255
256v8 *
257ikev2_calc_prf (ikev2_sa_transform_t * tr, v8 * key, v8 * data)
258{
259#if OPENSSL_VERSION_NUMBER >= 0x10100000L
260  HMAC_CTX *ctx;
261#else
262  HMAC_CTX ctx;
263#endif
264  v8 *prf;
265  unsigned int len = 0;
266
267  prf = vec_new (u8, tr->key_trunc);
268#if OPENSSL_VERSION_NUMBER >= 0x10100000L
269  ctx = HMAC_CTX_new ();
270  HMAC_Init_ex (ctx, key, vec_len (key), tr->md, NULL);
271  HMAC_Update (ctx, data, vec_len (data));
272  HMAC_Final (ctx, prf, &len);
273#else
274  HMAC_CTX_init (&ctx);
275  HMAC_Init_ex (&ctx, key, vec_len (key), tr->md, NULL);
276  HMAC_Update (&ctx, data, vec_len (data));
277  HMAC_Final (&ctx, prf, &len);
278  HMAC_CTX_cleanup (&ctx);
279#endif
280  ASSERT (len == tr->key_trunc);
281
282  return prf;
283}
284
285u8 *
286ikev2_calc_prfplus (ikev2_sa_transform_t * tr, u8 * key, u8 * seed, int len)
287{
288  v8 *t = 0, *s = 0, *tmp = 0, *ret = 0;
289  u8 x = 0;
290
291  /* prf+ (K,S) = T1 | T2 | T3 | T4 | ...
292
293     where:
294     T1 = prf (K, S | 0x01)
295     T2 = prf (K, T1 | S | 0x02)
296     T3 = prf (K, T2 | S | 0x03)
297     T4 = prf (K, T3 | S | 0x04)
298   */
299
300  while (vec_len (ret) < len && x < 255)
301    {
302      if (t)
303	{
304	  vec_append (s, t);
305	  vec_free (t);
306	}
307
308      vec_append (s, seed);
309      vec_add2 (s, tmp, 1);
310      *tmp = x + 1;
311      t = ikev2_calc_prf (tr, key, s);
312      vec_append (ret, t);
313      vec_free (s);
314      x++;
315    }
316
317  vec_free (t);
318
319  if (x == 255)
320    {
321      vec_free (ret);
322    }
323
324  return ret;
325}
326
327v8 *
328ikev2_calc_integr (ikev2_sa_transform_t * tr, v8 * key, u8 * data, int len)
329{
330  v8 *r;
331#if OPENSSL_VERSION_NUMBER >= 0x10100000L
332  HMAC_CTX *hctx;
333#else
334  HMAC_CTX hctx;
335#endif
336  unsigned int l;
337
338  ASSERT (tr->type == IKEV2_TRANSFORM_TYPE_INTEG);
339
340  r = vec_new (u8, tr->key_len);
341
342  if (tr->md == EVP_sha1 ())
343    {
344      clib_warning ("integrity checking with sha1");
345    }
346  else if (tr->md == EVP_sha256 ())
347    {
348      clib_warning ("integrity checking with sha256");
349    }
350
351  /* verify integrity of data */
352#if OPENSSL_VERSION_NUMBER >= 0x10100000L
353  hctx = HMAC_CTX_new ();
354  HMAC_Init_ex (hctx, key, vec_len (key), tr->md, NULL);
355  HMAC_Update (hctx, (const u8 *) data, len);
356  HMAC_Final (hctx, r, &l);
357#else
358  HMAC_CTX_init (&hctx);
359  HMAC_Init_ex (&hctx, key, vec_len (key), tr->md, NULL);
360  HMAC_Update (&hctx, (const u8 *) data, len);
361  HMAC_Final (&hctx, r, &l);
362  HMAC_CTX_cleanup (&hctx);
363#endif
364
365  ASSERT (l == tr->key_len);
366
367  return r;
368}
369
370v8 *
371ikev2_decrypt_data (ikev2_sa_t * sa, u8 * data, int len)
372{
373#if OPENSSL_VERSION_NUMBER >= 0x10100000L
374  EVP_CIPHER_CTX *ctx;
375#else
376  EVP_CIPHER_CTX ctx;
377#endif
378  v8 *r;
379  int out_len = 0, block_size;
380  ikev2_sa_transform_t *tr_encr;
381  u8 *key = sa->is_initiator ? sa->sk_er : sa->sk_ei;
382
383  tr_encr =
384    ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
385  block_size = tr_encr->block_size;
386
387  /* check if data is multiplier of cipher block size */
388  if (len % block_size)
389    {
390      clib_warning ("wrong data length");
391      return 0;
392    }
393
394#if OPENSSL_VERSION_NUMBER >= 0x10100000L
395  ctx = EVP_CIPHER_CTX_new ();
396#else
397  EVP_CIPHER_CTX_init (&ctx);
398#endif
399
400  r = vec_new (u8, len - block_size);
401
402#if OPENSSL_VERSION_NUMBER >= 0x10100000L
403  EVP_DecryptInit_ex (ctx, tr_encr->cipher, NULL, key, data);
404  EVP_DecryptUpdate (ctx, r, &out_len, data + block_size, len - block_size);
405  EVP_DecryptFinal_ex (ctx, r + out_len, &out_len);
406#else
407  EVP_DecryptInit_ex (&ctx, tr_encr->cipher, NULL, key, data);
408  EVP_DecryptUpdate (&ctx, r, &out_len, data + block_size, len - block_size);
409  EVP_DecryptFinal_ex (&ctx, r + out_len, &out_len);
410#endif
411  /* remove padding */
412  _vec_len (r) -= r[vec_len (r) - 1] + 1;
413
414#if OPENSSL_VERSION_NUMBER < 0x10100000L
415  EVP_CIPHER_CTX_cleanup (&ctx);
416#endif
417  return r;
418}
419
420int
421ikev2_encrypt_data (ikev2_sa_t * sa, v8 * src, u8 * dst)
422{
423#if OPENSSL_VERSION_NUMBER >= 0x10100000L
424  EVP_CIPHER_CTX *ctx;
425#else
426  EVP_CIPHER_CTX ctx;
427#endif
428  int out_len;
429  int bs;
430  ikev2_sa_transform_t *tr_encr;
431  u8 *key = sa->is_initiator ? sa->sk_ei : sa->sk_er;
432
433  tr_encr =
434    ikev2_sa_get_td_for_type (sa->r_proposals, IKEV2_TRANSFORM_TYPE_ENCR);
435  bs = tr_encr->block_size;
436
437  /* generate IV */
438  RAND_bytes (dst, bs);
439
440#if OPENSSL_VERSION_NUMBER >= 0x10100000L
441  ctx = EVP_CIPHER_CTX_new ();
442  EVP_EncryptInit_ex (ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
443  EVP_EncryptUpdate (ctx, dst + bs, &out_len, src, vec_len (src));
444#else
445  EVP_CIPHER_CTX_init (&ctx);
446  EVP_EncryptInit_ex (&ctx, tr_encr->cipher, NULL, key, dst /* dst */ );
447  EVP_EncryptUpdate (&ctx, dst + bs, &out_len, src, vec_len (src));
448  EVP_CIPHER_CTX_cleanup (&ctx);
449#endif
450
451  ASSERT (vec_len (src) == out_len);
452
453  return out_len + bs;
454}
455
456void
457ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
458{
459  int r;
460
461  if (t->dh_group == IKEV2_DH_GROUP_MODP)
462    {
463      DH *dh = DH_new ();
464#if OPENSSL_VERSION_NUMBER >= 0x10100000L
465      BIGNUM *p = NULL;
466      BIGNUM *g = NULL;
467      const BIGNUM *pub_key, *priv_key;
468
469      BN_hex2bn (&p, t->dh_p);
470      BN_hex2bn (&g, t->dh_g);
471      DH_set0_pqg (dh, p, NULL, g);
472#else
473      BN_hex2bn (&dh->p, t->dh_p);
474      BN_hex2bn (&dh->g, t->dh_g);
475#endif
476      DH_generate_key (dh);
477
478      if (sa->is_initiator)
479	{
480	  sa->i_dh_data = vec_new (u8, t->key_len);
481	  sa->dh_private_key = vec_new (u8, t->key_len);
482#if OPENSSL_VERSION_NUMBER >= 0x10100000L
483	  DH_get0_key (dh, &pub_key, &priv_key);
484	  r = BN_bn2bin (pub_key, sa->i_dh_data);
485	  ASSERT (r == t->key_len);
486	  r = BN_bn2bin (priv_key, sa->dh_private_key);
487#else
488	  r = BN_bn2bin (dh->pub_key, sa->i_dh_data);
489	  ASSERT (r == t->key_len);
490	  r = BN_bn2bin (dh->priv_key, sa->dh_private_key);
491#endif
492	  ASSERT (r == t->key_len);
493	}
494      else
495	{
496	  sa->r_dh_data = vec_new (u8, t->key_len);
497#if OPENSSL_VERSION_NUMBER >= 0x10100000L
498	  DH_get0_key (dh, &pub_key, &priv_key);
499	  r = BN_bn2bin (pub_key, sa->r_dh_data);
500#else
501	  r = BN_bn2bin (dh->pub_key, sa->r_dh_data);
502#endif
503	  ASSERT (r == t->key_len);
504
505	  BIGNUM *ex;
506	  sa->dh_shared_key = vec_new (u8, t->key_len);
507	  ex = BN_bin2bn (sa->i_dh_data, vec_len (sa->i_dh_data), NULL);
508	  r = DH_compute_key (sa->dh_shared_key, ex, dh);
509	  ASSERT (r == t->key_len);
510	  BN_clear_free (ex);
511	}
512      DH_free (dh);
513    }
514  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
515    {
516      EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
517      ASSERT (ec);
518
519      EC_KEY_generate_key (ec);
520
521      const EC_POINT *r_point = EC_KEY_get0_public_key (ec);
522      const EC_GROUP *group = EC_KEY_get0_group (ec);
523      BIGNUM *x = NULL, *y = NULL;
524      BN_CTX *bn_ctx = BN_CTX_new ();
525      u16 x_off, y_off, len;
526      EC_POINT *i_point = EC_POINT_new (group);
527      EC_POINT *shared_point = EC_POINT_new (group);
528
529      x = BN_new ();
530      y = BN_new ();
531      len = t->key_len / 2;
532
533#if OPENSSL_VERSION_NUMBER >= 0x30000000L
534      EC_POINT_get_affine_coordinates (group, r_point, x, y, bn_ctx);
535#else
536      EC_POINT_get_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
537#endif
538
539      if (sa->is_initiator)
540	{
541	  sa->i_dh_data = vec_new (u8, t->key_len);
542	  x_off = len - BN_num_bytes (x);
543	  clib_memset (sa->i_dh_data, 0, x_off);
544	  BN_bn2bin (x, sa->i_dh_data + x_off);
545	  y_off = t->key_len - BN_num_bytes (y);
546	  clib_memset (sa->i_dh_data + len, 0, y_off - len);
547	  BN_bn2bin (y, sa->i_dh_data + y_off);
548
549	  const BIGNUM *prv = EC_KEY_get0_private_key (ec);
550	  sa->dh_private_key = vec_new (u8, BN_num_bytes (prv));
551	  r = BN_bn2bin (prv, sa->dh_private_key);
552	  ASSERT (r == BN_num_bytes (prv));
553	}
554      else
555	{
556	  sa->r_dh_data = vec_new (u8, t->key_len);
557	  x_off = len - BN_num_bytes (x);
558	  clib_memset (sa->r_dh_data, 0, x_off);
559	  BN_bn2bin (x, sa->r_dh_data + x_off);
560	  y_off = t->key_len - BN_num_bytes (y);
561	  clib_memset (sa->r_dh_data + len, 0, y_off - len);
562	  BN_bn2bin (y, sa->r_dh_data + y_off);
563
564	  x = BN_bin2bn (sa->i_dh_data, len, x);
565	  y = BN_bin2bn (sa->i_dh_data + len, len, y);
566#if OPENSSL_VERSION_NUMBER >= 0x30000000L
567	  EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
568#else
569	  EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
570#endif
571	  sa->dh_shared_key = vec_new (u8, t->key_len);
572	  EC_POINT_mul (group, shared_point, NULL, i_point,
573			EC_KEY_get0_private_key (ec), NULL);
574#if OPENSSL_VERSION_NUMBER >= 0x30000000L
575	  EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
576#else
577	  EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
578					       bn_ctx);
579#endif
580	  x_off = len - BN_num_bytes (x);
581	  clib_memset (sa->dh_shared_key, 0, x_off);
582	  BN_bn2bin (x, sa->dh_shared_key + x_off);
583	  y_off = t->key_len - BN_num_bytes (y);
584	  clib_memset (sa->dh_shared_key + len, 0, y_off - len);
585	  BN_bn2bin (y, sa->dh_shared_key + y_off);
586	}
587
588      EC_KEY_free (ec);
589      BN_free (x);
590      BN_free (y);
591      BN_CTX_free (bn_ctx);
592      EC_POINT_free (i_point);
593      EC_POINT_free (shared_point);
594    }
595}
596
597void
598ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
599{
600  int r;
601
602  if (t->dh_group == IKEV2_DH_GROUP_MODP)
603    {
604      DH *dh = DH_new ();
605#if OPENSSL_VERSION_NUMBER >= 0x10100000L
606      BIGNUM *p = NULL;
607      BIGNUM *g = NULL;
608      BIGNUM *priv_key;
609
610      BN_hex2bn (&p, t->dh_p);
611      BN_hex2bn (&g, t->dh_g);
612      DH_set0_pqg (dh, p, NULL, g);
613
614      priv_key =
615	BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
616      DH_set0_key (dh, NULL, priv_key);
617#else
618      BN_hex2bn (&dh->p, t->dh_p);
619      BN_hex2bn (&dh->g, t->dh_g);
620
621      dh->priv_key =
622	BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
623#endif
624      BIGNUM *ex;
625      sa->dh_shared_key = vec_new (u8, t->key_len);
626      ex = BN_bin2bn (sa->r_dh_data, vec_len (sa->r_dh_data), NULL);
627      r = DH_compute_key (sa->dh_shared_key, ex, dh);
628      ASSERT (r == t->key_len);
629      BN_clear_free (ex);
630      DH_free (dh);
631    }
632  else if (t->dh_group == IKEV2_DH_GROUP_ECP)
633    {
634      EC_KEY *ec = EC_KEY_new_by_curve_name (t->nid);
635      ASSERT (ec);
636
637      const EC_GROUP *group = EC_KEY_get0_group (ec);
638      BIGNUM *x = NULL, *y = NULL;
639      BN_CTX *bn_ctx = BN_CTX_new ();
640      u16 x_off, y_off, len;
641      BIGNUM *prv;
642
643      prv =
644	BN_bin2bn (sa->dh_private_key, vec_len (sa->dh_private_key), NULL);
645      EC_KEY_set_private_key (ec, prv);
646
647      x = BN_new ();
648      y = BN_new ();
649      len = t->key_len / 2;
650
651      x = BN_bin2bn (sa->r_dh_data, len, x);
652      y = BN_bin2bn (sa->r_dh_data + len, len, y);
653      EC_POINT *r_point = EC_POINT_new (group);
654#if OPENSSL_VERSION_NUMBER >= 0x30000000L
655      EC_POINT_set_affine_coordinates (group, r_point, x, y, bn_ctx);
656#else
657      EC_POINT_set_affine_coordinates_GFp (group, r_point, x, y, bn_ctx);
658#endif
659      EC_KEY_set_public_key (ec, r_point);
660
661      EC_POINT *i_point = EC_POINT_new (group);
662      EC_POINT *shared_point = EC_POINT_new (group);
663
664      x = BN_bin2bn (sa->i_dh_data, len, x);
665      y = BN_bin2bn (sa->i_dh_data + len, len, y);
666#if OPENSSL_VERSION_NUMBER >= 0x30000000L
667      EC_POINT_set_affine_coordinates (group, i_point, x, y, bn_ctx);
668#else
669      EC_POINT_set_affine_coordinates_GFp (group, i_point, x, y, bn_ctx);
670#endif
671      EC_POINT_mul (group, shared_point, NULL, r_point,
672		    EC_KEY_get0_private_key (ec), NULL);
673#if OPENSSL_VERSION_NUMBER >= 0x30000000L
674      EC_POINT_get_affine_coordinates (group, shared_point, x, y, bn_ctx);
675#else
676      EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
677#endif
678      sa->dh_shared_key = vec_new (u8, t->key_len);
679      x_off = len - BN_num_bytes (x);
680      clib_memset (sa->dh_shared_key, 0, x_off);
681      BN_bn2bin (x, sa->dh_shared_key + x_off);
682      y_off = t->key_len - BN_num_bytes (y);
683      clib_memset (sa->dh_shared_key + len, 0, y_off - len);
684      BN_bn2bin (y, sa->dh_shared_key + y_off);
685
686      EC_KEY_free (ec);
687      BN_free (x);
688      BN_free (y);
689      BN_free (prv);
690      BN_CTX_free (bn_ctx);
691      EC_POINT_free (i_point);
692      EC_POINT_free (r_point);
693      EC_POINT_free (shared_point);
694    }
695}
696
697int
698ikev2_verify_sign (EVP_PKEY * pkey, u8 * sigbuf, u8 * data)
699{
700#if OPENSSL_VERSION_NUMBER >= 0x10100000L
701  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
702#else
703  EVP_MD_CTX md_ctx;
704  EVP_MD_CTX_init (&md_ctx);
705#endif
706
707#if OPENSSL_VERSION_NUMBER >= 0x10100000L
708  EVP_VerifyInit (md_ctx, EVP_sha1 ());
709  EVP_VerifyUpdate (md_ctx, data, vec_len (data));
710#else
711  EVP_VerifyInit_ex (&md_ctx, EVP_sha1 (), NULL);
712  EVP_VerifyUpdate (&md_ctx, data, vec_len (data));
713#endif
714
715#if OPENSSL_VERSION_NUMBER >= 0x10100000L
716  return EVP_VerifyFinal (md_ctx, sigbuf, vec_len (sigbuf), pkey);
717#else
718  return EVP_VerifyFinal (&md_ctx, sigbuf, vec_len (sigbuf), pkey);
719#endif
720}
721
722u8 *
723ikev2_calc_sign (EVP_PKEY * pkey, u8 * data)
724{
725#if OPENSSL_VERSION_NUMBER >= 0x10100000L
726  EVP_MD_CTX *md_ctx = EVP_MD_CTX_new ();
727#else
728  EVP_MD_CTX md_ctx;
729#endif
730  unsigned int sig_len = 0;
731  u8 *sign;
732
733#if OPENSSL_VERSION_NUMBER >= 0x10100000L
734  EVP_SignInit (md_ctx, EVP_sha1 ());
735  EVP_SignUpdate (md_ctx, data, vec_len (data));
736  /* get sign len */
737  EVP_SignFinal (md_ctx, NULL, &sig_len, pkey);
738  sign = vec_new (u8, sig_len);
739  /* calc sign */
740  EVP_SignFinal (md_ctx, sign, &sig_len, pkey);
741#else
742  EVP_SignInit (&md_ctx, EVP_sha1 ());
743  EVP_SignUpdate (&md_ctx, data, vec_len (data));
744  /* get sign len */
745  EVP_SignFinal (&md_ctx, NULL, &sig_len, pkey);
746  sign = vec_new (u8, sig_len);
747  /* calc sign */
748  EVP_SignFinal (&md_ctx, sign, &sig_len, pkey);
749#endif
750  return sign;
751}
752
753EVP_PKEY *
754ikev2_load_cert_file (u8 * file)
755{
756  FILE *fp;
757  X509 *x509;
758  EVP_PKEY *pkey = NULL;
759
760  fp = fopen ((char *) file, "r");
761  if (!fp)
762    {
763      clib_warning ("open %s failed", file);
764      goto end;
765    }
766
767  x509 = PEM_read_X509 (fp, NULL, NULL, NULL);
768  fclose (fp);
769  if (x509 == NULL)
770    {
771      clib_warning ("read cert %s failed", file);
772      goto end;
773    }
774
775  pkey = X509_get_pubkey (x509);
776  if (pkey == NULL)
777    clib_warning ("get pubkey %s failed", file);
778
779end:
780  return pkey;
781}
782
783EVP_PKEY *
784ikev2_load_key_file (u8 * file)
785{
786  FILE *fp;
787  EVP_PKEY *pkey = NULL;
788
789  fp = fopen ((char *) file, "r");
790  if (!fp)
791    {
792      clib_warning ("open %s failed", file);
793      goto end;
794    }
795
796  pkey = PEM_read_PrivateKey (fp, NULL, NULL, NULL);
797  fclose (fp);
798  if (pkey == NULL)
799    clib_warning ("read %s failed", file);
800
801end:
802  return pkey;
803}
804
805void
806ikev2_crypto_init (ikev2_main_t * km)
807{
808  ikev2_sa_transform_t *tr;
809
810  /* vector of supported transforms - in order of preference */
811
812  //Encryption
813
814  vec_add2 (km->supported_transforms, tr, 1);
815  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
816  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
817  tr->key_len = 256 / 8;
818  tr->block_size = 128 / 8;
819  tr->cipher = EVP_aes_256_cbc ();
820
821  vec_add2 (km->supported_transforms, tr, 1);
822  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
823  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
824  tr->key_len = 192 / 8;
825  tr->block_size = 128 / 8;
826  tr->cipher = EVP_aes_192_cbc ();
827
828  vec_add2 (km->supported_transforms, tr, 1);
829  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
830  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_CBC;
831  tr->key_len = 128 / 8;
832  tr->block_size = 128 / 8;
833  tr->cipher = EVP_aes_128_cbc ();
834
835  vec_add2 (km->supported_transforms, tr, 1);
836  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
837  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
838  tr->key_len = 256 / 8;
839  tr->block_size = 128 / 8;
840  tr->cipher = EVP_aes_256_gcm ();
841
842  vec_add2 (km->supported_transforms, tr, 1);
843  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
844  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
845  tr->key_len = 192 / 8;
846  tr->block_size = 128 / 8;
847  tr->cipher = EVP_aes_192_gcm ();
848
849  vec_add2 (km->supported_transforms, tr, 1);
850  tr->type = IKEV2_TRANSFORM_TYPE_ENCR;
851  tr->encr_type = IKEV2_TRANSFORM_ENCR_TYPE_AES_GCM;
852  tr->key_len = 128 / 8;
853  tr->block_size = 128 / 8;
854  tr->cipher = EVP_aes_128_gcm ();
855
856  //PRF
857  vec_add2 (km->supported_transforms, tr, 1);
858  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
859  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_256;
860  tr->key_len = 256 / 8;
861  tr->key_trunc = 256 / 8;
862  tr->md = EVP_sha256 ();
863
864  vec_add2 (km->supported_transforms, tr, 1);
865  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
866  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_384;
867  tr->key_len = 384 / 8;
868  tr->key_trunc = 384 / 8;
869  tr->md = EVP_sha384 ();
870
871  vec_add2 (km->supported_transforms, tr, 1);
872  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
873  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA2_512;
874  tr->key_len = 512 / 8;
875  tr->key_trunc = 512 / 8;
876  tr->md = EVP_sha512 ();
877
878  vec_add2 (km->supported_transforms, tr, 1);
879  tr->type = IKEV2_TRANSFORM_TYPE_PRF;
880  tr->prf_type = IKEV2_TRANSFORM_PRF_TYPE_PRF_HMAC_SHA1;
881  tr->key_len = 160 / 8;
882  tr->key_trunc = 160 / 8;
883  tr->md = EVP_sha1 ();
884
885  //Integrity
886  vec_add2 (km->supported_transforms, tr, 1);
887  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
888  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_256_128;
889  tr->key_len = 256 / 8;
890  tr->key_trunc = 128 / 8;
891  tr->md = EVP_sha256 ();
892
893  vec_add2 (km->supported_transforms, tr, 1);
894  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
895  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_384_192;
896  tr->key_len = 384 / 8;
897  tr->key_trunc = 192 / 8;
898  tr->md = EVP_sha384 ();
899
900  vec_add2 (km->supported_transforms, tr, 1);
901  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
902  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA2_512_256;
903  tr->key_len = 512 / 8;
904  tr->key_trunc = 256 / 8;
905  tr->md = EVP_sha512 ();
906
907  vec_add2 (km->supported_transforms, tr, 1);
908  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
909  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_160;
910  tr->key_len = 160 / 8;
911  tr->key_trunc = 160 / 8;
912  tr->md = EVP_sha1 ();
913
914  vec_add2 (km->supported_transforms, tr, 1);
915  tr->type = IKEV2_TRANSFORM_TYPE_INTEG;
916  tr->integ_type = IKEV2_TRANSFORM_INTEG_TYPE_AUTH_HMAC_SHA1_96;
917  tr->key_len = 160 / 8;
918  tr->key_trunc = 96 / 8;
919  tr->md = EVP_sha1 ();
920
921
922#if defined(OPENSSL_NO_CISCO_FECDH)
923  vec_add2 (km->supported_transforms, tr, 1);
924  tr->type = IKEV2_TRANSFORM_TYPE_DH;
925  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_512;
926  tr->key_len = (512 * 2) / 8;
927  tr->nid = NID_brainpoolP512r1;
928  tr->dh_group = IKEV2_DH_GROUP_ECP;
929
930  vec_add2 (km->supported_transforms, tr, 1);
931  tr->type = IKEV2_TRANSFORM_TYPE_DH;
932  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_384;
933  tr->key_len = (384 * 2) / 8;
934  tr->nid = NID_brainpoolP384r1;
935  tr->dh_group = IKEV2_DH_GROUP_ECP;
936
937  vec_add2 (km->supported_transforms, tr, 1);
938  tr->type = IKEV2_TRANSFORM_TYPE_DH;
939  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_256;
940  tr->key_len = (256 * 2) / 8;
941  tr->nid = NID_brainpoolP256r1;
942  tr->dh_group = IKEV2_DH_GROUP_ECP;
943
944  vec_add2 (km->supported_transforms, tr, 1);
945  tr->type = IKEV2_TRANSFORM_TYPE_DH;
946  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_BRAINPOOL_224;
947  tr->key_len = (224 * 2) / 8;
948  tr->nid = NID_brainpoolP224r1;
949  tr->dh_group = IKEV2_DH_GROUP_ECP;
950
951  vec_add2 (km->supported_transforms, tr, 1);
952  tr->type = IKEV2_TRANSFORM_TYPE_DH;
953  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_224;
954  tr->key_len = (224 * 2) / 8;
955  tr->nid = NID_secp224r1;
956  tr->dh_group = IKEV2_DH_GROUP_ECP;
957#endif
958
959  vec_add2 (km->supported_transforms, tr, 1);
960  tr->type = IKEV2_TRANSFORM_TYPE_DH;
961  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_521;
962  tr->key_len = (528 * 2) / 8;
963  tr->nid = NID_secp521r1;
964  tr->dh_group = IKEV2_DH_GROUP_ECP;
965
966  vec_add2 (km->supported_transforms, tr, 1);
967  tr->type = IKEV2_TRANSFORM_TYPE_DH;
968  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_384;
969  tr->key_len = (384 * 2) / 8;
970  tr->nid = NID_secp384r1;
971  tr->dh_group = IKEV2_DH_GROUP_ECP;
972
973  vec_add2 (km->supported_transforms, tr, 1);
974  tr->type = IKEV2_TRANSFORM_TYPE_DH;
975  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_256;
976  tr->key_len = (256 * 2) / 8;
977  tr->nid = NID_X9_62_prime256v1;
978  tr->dh_group = IKEV2_DH_GROUP_ECP;
979
980  vec_add2 (km->supported_transforms, tr, 1);
981  tr->type = IKEV2_TRANSFORM_TYPE_DH;
982  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_ECP_192;
983  tr->key_len = (192 * 2) / 8;
984  tr->nid = NID_X9_62_prime192v1;
985  tr->dh_group = IKEV2_DH_GROUP_ECP;
986
987  vec_add2 (km->supported_transforms, tr, 1);
988  tr->type = IKEV2_TRANSFORM_TYPE_DH;
989  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_256;
990  tr->key_len = 2048 / 8;
991  tr->dh_p = (const char *) &modp_dh_2048_256_prime;
992  tr->dh_g = (const char *) &modp_dh_2048_256_generator;
993  tr->dh_group = IKEV2_DH_GROUP_MODP;
994
995  vec_add2 (km->supported_transforms, tr, 1);
996  tr->type = IKEV2_TRANSFORM_TYPE_DH;
997  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048_224;
998  tr->key_len = 2048 / 8;
999  tr->dh_p = (const char *) &modp_dh_2048_224_prime;
1000  tr->dh_g = (const char *) &modp_dh_2048_224_generator;
1001  tr->dh_group = IKEV2_DH_GROUP_MODP;
1002
1003  vec_add2 (km->supported_transforms, tr, 1);
1004  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1005  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024_160;
1006  tr->key_len = 1024 / 8;
1007  tr->dh_p = (const char *) &modp_dh_1024_160_prime;
1008  tr->dh_g = (const char *) &modp_dh_1024_160_generator;
1009  tr->dh_group = IKEV2_DH_GROUP_MODP;
1010
1011  vec_add2 (km->supported_transforms, tr, 1);
1012  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1013  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_8192;
1014  tr->key_len = 8192 / 8;
1015  tr->dh_p = (const char *) &modp_dh_8192_prime;
1016  tr->dh_g = (const char *) &modp_dh_8192_generator;
1017  tr->dh_group = IKEV2_DH_GROUP_MODP;
1018
1019  vec_add2 (km->supported_transforms, tr, 1);
1020  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1021  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_6144;
1022  tr->key_len = 6144 / 8;
1023  tr->dh_p = (const char *) &modp_dh_6144_prime;
1024  tr->dh_g = (const char *) &modp_dh_6144_generator;
1025  tr->dh_group = IKEV2_DH_GROUP_MODP;
1026
1027  vec_add2 (km->supported_transforms, tr, 1);
1028  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1029  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_4096;
1030  tr->key_len = 4096 / 8;
1031  tr->dh_p = (const char *) &modp_dh_4096_prime;
1032  tr->dh_g = (const char *) &modp_dh_4096_generator;
1033  tr->dh_group = IKEV2_DH_GROUP_MODP;
1034
1035  vec_add2 (km->supported_transforms, tr, 1);
1036  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1037  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_3072;
1038  tr->key_len = 3072 / 8;
1039  tr->dh_p = (const char *) &modp_dh_3072_prime;
1040  tr->dh_g = (const char *) &modp_dh_3072_generator;
1041  tr->dh_group = IKEV2_DH_GROUP_MODP;
1042
1043  vec_add2 (km->supported_transforms, tr, 1);
1044  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1045  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_2048;
1046  tr->key_len = 2048 / 8;
1047  tr->dh_p = (const char *) &modp_dh_2048_prime;
1048  tr->dh_g = (const char *) &modp_dh_2048_generator;
1049  tr->dh_group = IKEV2_DH_GROUP_MODP;
1050
1051  vec_add2 (km->supported_transforms, tr, 1);
1052  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1053  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1536;
1054  tr->key_len = 1536 / 8;
1055  tr->dh_p = (const char *) &modp_dh_1536_prime;
1056  tr->dh_g = (const char *) &modp_dh_1536_generator;
1057  tr->dh_group = IKEV2_DH_GROUP_MODP;
1058
1059  vec_add2 (km->supported_transforms, tr, 1);
1060  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1061  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_1024;
1062  tr->key_len = 1024 / 8;
1063  tr->dh_p = (const char *) &modp_dh_1024_prime;
1064  tr->dh_g = (const char *) &modp_dh_1024_generator;
1065  tr->dh_group = IKEV2_DH_GROUP_MODP;
1066
1067  vec_add2 (km->supported_transforms, tr, 1);
1068  tr->type = IKEV2_TRANSFORM_TYPE_DH;
1069  tr->dh_type = IKEV2_TRANSFORM_DH_TYPE_MODP_768;
1070  tr->key_len = 768 / 8;
1071  tr->dh_p = (const char *) &modp_dh_768_prime;
1072  tr->dh_g = (const char *) &modp_dh_768_generator;
1073  tr->dh_group = IKEV2_DH_GROUP_MODP;
1074
1075  vec_add2 (km->supported_transforms, tr, 1);
1076  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1077  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_ESN;
1078
1079  vec_add2 (km->supported_transforms, tr, 1);
1080  tr->type = IKEV2_TRANSFORM_TYPE_ESN;
1081  tr->esn_type = IKEV2_TRANSFORM_ESN_TYPE_NO_ESN;
1082}
1083
1084
1085
1086/*
1087 * fd.io coding-style-patch-verification: ON
1088 *
1089 * Local Variables:
1090 * eval: (c-set-style "gnu")
1091 * End:
1092 */
1093